outfireupdate.exe

Shulan Hou

The application outfireupdate.exe by Shulan Hou has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a scheduled task named OutfireUpdateTaskMachineCore under the Windows Task Scheduler, triggered by a time event.
Publisher:
Shulan Hou (signed and verified)

MD5:
d764c865a979d9b8d9cb8496eb77dea5

SHA-1:
3ce04b6a980903e2a4ea4cd2a0de4ff682b416bc

SHA-256:
0d6d7abdc657fff56ec7868e465879bb473e0e26721bbb57dde7e8a6f442daae

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/23/2024 11:50:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.ELEX (M)

Engine version:
16.8.12.2

File size:
558.4 KB (571,776 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\outfire\update\outfireupdate.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
8/4/2016 7:00:00 AM

Valid to:
6/14/2017 6:59:59 AM

Subject:
CN=Shulan Hou, OU=Individual Developer, O=No Organization Affiliation, L=Beijing, S=Beijing, C=CN

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
1B471CD0973DAEB038ECC7D56538602F

File PE Metadata
Compilation timestamp:
8/4/2016 1:34:30 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
12288:lrvKY7GTfy4KctQW6tZKNdc1SyxSiB32jAnDub3xzpRHQhnHCk1f7OvEZkyE:lrvKIGToBW6t4FyPBGP9zbwdVtCUkyE

Entry address:
0x4556E

Entry point:
DF, EE, 62, 00, 00, A0, B9, AD, 9A, 92, 93, 62, 88, A4, 35, 00, BD, 39, A0, 53, BE, 6A, 00, 00, 00, 00, 0A, 3A, 32, 32, 1C, DB, 82, 2E, 69, C4, B7, 04, 53, C8, 52, 00, 00, 00, 00, DE, 21, 49, 60, 6C, 34, 43, 7F, 6B, 60, 23, DD, 1F, BC, 8F, 98, 1F, D9, 71, 00, 56, A8, 3C, B8, 25, 9B, B4, 7D, CA, 8B, AB, C8, C8, EA, 7C, 9B, 2D, 9A, 00, 00, 00, 00, B5, 93, 37, 17, C7, 03, 00, 00, 00, 00, EA, 7D, 4B, 45, 12, 37, 41, 61, 3F, 11, 07, EE, 5B, B3, DE, D5, 24, A7, 7F, 00, 0A, AA, 19, B0, 36, 95, 92, 19, BB, 97, 22...
Entropy:
7.0921

Code size:
427 KB (437,248 bytes)

Scheduled Task
Task name:
OutfireUpdateTaskMachineCore

Trigger:
Time
